V. Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability;
citations and explanations supporting such statement

1. Statement

Novelty (N)                     Claims 1-10    YES
                                Claims 11      NO
Inventive step (IS)             Claims 1-10    YES
                                Claims 11      NO
Industrial applicability (IA)   Claims 1-11    YES
                                Claims         NO

2. Citations and explanations 

The subject matter of Claims 1-10 is novel and involves an 
inventive step as none of the documents cited describes or 
suggests the use of public key cryptography for key 
authentication by the lock. Documents EP-A-807 911 and 
EP-A-727 894, in this case, use a random secret session 
key or a secret communication key between the authority 
and the user respectively. The double use of cryptographic 
public key systems provides improved security. 

Claim 11 is an independent claim since its subject matter 
is different from that of the other independent claims. 
This claim clearly indicates that it comprises 
cryptographic and transmission means for carrying out the 
protocol of one of Claims 1-17, but does not indicate the 
exact nature of these means in the preamble. Merely 
indicating means for carrying out a protocol which is the 
subject matter of an independent claim from another 
category does not have any limiting effect on said means. 

Claim 11 specifies, in the characterising portion, that
these means comprise a memory zone storing a public key
and a memory comprising the program for checking the
signature. However, these means are already known from
document FR-A-2 722 596.
Therefore the subject matter of Claim 11 is not novel.

ACCESS CONTROL PROTOCOL BETWEEN AN ELECTRONIC
KEY AND AN ELECTRONIC LOCK

The present invention relates to an access control
protocol between an electronic key and an electronic lock
effecting logical access control.

Logical control of access to buildings, to premises
containing data processing systems or systems storing
assets, fiduciary, technology or information assets, is
currently of great and increasing interest.

Access control methods usually employ a portable
access element functioning as a key, referred to as the
accessing resource, and an accessed resource functioning as
a lock.

Logical access control between an accessed resource
functioning as an electronic lock and an accessing
resource functioning as an electronic key currently
consists of a succession of operations to verify
information or messages exchanged between the electronic
key and the electronic lock.

One of the main advantages of logical access
control, compared to conventional physical access control
of the lock-and-key type, is the facility to allow access
to an accessed resource only within a predetermined short
time period.

However, if the system comprising the accessing
resource and the accessed resource provides one or
several accessing resources allowing access to several
accessed resources through similar logical access
control, counterfeiting during the validity time period
of either an electronic key functioning as the accessing
resource or the access control dialogue between one of
the electronic keys and one of the accessed resources
functioning as an electronic lock can then allow
illegitimate access to all of the accessed resources.
Merely reproducing the logical access control dialogue
between the accessing resource and one of the accessed
resources allows such illegitimate access through a
procedure referred to as "playback".

A conventional solution that has been implemented
with the aim of responding to any such illegitimate use
applies logical access control based on cryptographic
mechanisms to limit the period of validity of the right
of access to a short period, to foil illegitimate use
outside the validity time period in the event of loss,
theft or illicit holding of the electronic key. One such
solution, described in French Patent Application No.
2 722 596 (94 08770) in the name of FRANCE TELECOM and LA
POSTE and published 9 January 1996, establishes a digital
signature of the time period during which access is
authorised. Access to the accessed resource is
conditional on verification of the aforementioned digital
signature within the accessed resource.

Another conventional solution implemented with the
same aim, more particularly to respond to playback, uses
a random variable to introduce a variability or diversity
characteristic into the access control dialogue between
the key and the electronic lock. A solution of this kind
would appear to have limitations because the random
nature of the random variables obtained by means of the
usual random or pseudo-random generators is not totally
satisfactory unless one or more external physical
variables of a purely random nature are used and because
non-repetitive production of such random numbers is not
certain, and will therefore not discourage highly skilled
hackers who are determined to succeed and who have access
to powerful computation resources.

In any event, the aforementioned solutions are
therefore unable to prevent with certainty either
illegitimate use of an electronic key or playback during
the validity time period of an accessed resource.

The object of the present invention is to remedy the 
aforementioned drawbacks of prior art solutions. 

An object of this kind is achieved in particular by 
integrating into the logical access dialogue between an 
accessing resource and at least one accessed resource a 
process of authentication of the accessing resource by 
the accessed resource and making authorisation or refusal 
of access conditional on a successful outcome of the 
authentication process. 

Another object of the present invention is 
consequently to use an access control protocol between an 
accessing resource consisting of an electronic key and an 
accessed resource consisting of an electronic lock in 
such a way that the authentication process is conducted 
in accordance with a challenge-and-response protocol and, 
in a particularly remarkable manner, the risk of the 
electronic key being compromised is further and 
significantly reduced to that caused by the presence in 
the electronic key of a simple right of access. 

A final object of the present invention is to 
prevent all risk of picking an electronic lock by 
playback in a given validity time period because of the 
very existence of the authentication process. 

The access control protocol according to the 
invention between an electronic key and an electronic 
lock performing said access control is remarkable in 
that, following presentation of the electronic key to the 
electronic lock, the protocol consists of transmitting a 
random variable message prompting authentication of the 
electronic key from the electronic lock to the electronic 
key. On receiving the random variable message prompting 
authentication, a signature value of the random variable 
message prompting authentication and specific 
authentication data are transmitted from the electronic
key to the electronic lock, the signature value
transmitted being calculated from a private signature key
and the specific authentication data. After reception by
the electronic lock of the signature value and the
specific authentication data, the electronic lock
verifies the authenticity of the signature value as a
function of the specific authentication data. In response
to a positive or negative result of said verification
access is accepted or respectively refused.

WO 99/40546    PCT/FR99/00249

The access control protocol in accordance with the 
invention between an electronic key and an electronic 
lock can be applied to all types of accessing resource 
and to all types of accessed resource. 

Because the risk of playback is eliminated, 
calculating the signature value of the random variable 
message prompting authentication, making determination of 
that signature improbable in the absence of physical 
possession of the electronic key generating it, the 
protocol according to the present invention would appear 
to be particularly well suited to the secure management 
of a plurality of accessed resources, such as mailboxes, 
or even strongboxes, by means of one or more accessing 
resources, or electronic keys, enabling legitimate access 
to each of the accessed resources, the number of 
electronic keys being very much less than the number of 
mailboxes or strongboxes. 

The invention will be better understood after
reading the following description and referring to the
accompanying drawings, in which:

- figure 1a shows a general block diagram of the
access control protocol in accordance with the present
invention between an electronic key and an electronic
lock;

- figure 1b shows a sequential flowchart of the
succession of steps for implementing the access control
protocol in accordance with the present invention between
an electronic key and an electronic lock;

- figure 1c shows a preferred embodiment of a
signature verification procedure used by an electronic
lock (accessed resource) in accordance with the protocol
according to the present invention;

- figure 1d shows one example of a mode of
operation for obtaining a random variable message
providing an authentication process in accordance with
the protocol according to the present invention;

- figure 1e shows a procedure carried out by an
electronic key for auxiliary verification of a public key
enabling the electronic key to perform the random
variable message signature operation in the context of
the protocol according to the present invention;

- figure 1f shows one example of a method of
reducing picking of an electronic lock outside at least
one validity time period conforming to the protocol
according to the present invention;

- figure 1g shows a particularly advantageous
variant of the auxiliary verification process shown in
figure 1e in which, if the electronic key has an internal
clock, an additional security feature consisting of total
invalidation of the electronic key is provided for
situations in which access is attempted outside the
validity time periods;

- figure 2a shows a first advantageous variant of
the protocol according to the present invention which
avoids storing a second public key in each electronic
lock, which increases the overall security level of the
system as a whole;

- figure 2b shows a sequential flowchart of the
steps of the protocol shown in figure 2a;

- figure 3a shows a block diagram of the
electronic architecture of an electronic key for
implementing the access control protocol according to the
present invention; and

- figure 3b shows a block diagram of the
electronic architecture of an electronic lock for
implementing the access control protocol according to the
present invention.

An access control protocol in accordance with the
present invention between an electronic key and an
electronic lock providing logical access control will now
be described in more detail with reference to figures 1a
and 1b.

The access control protocol according to the present
invention consists of a logical access control dialogue
between the electronic key and at least one electronic
lock, this logical access control incorporating a process
of authentication of the electronic key by the electronic
lock in order to authorise or refuse access. The
authentication process uses message and/or data signature
calculation and signature verification operations
verifying the authenticity of the aforementioned messages
or data.

By way of non-limiting example, the signature
calculation operations followed by the signature
verification operations included in the protocol
according to the present invention can be based either on
a secret key signature algorithm or on a public key
algorithm using a private signature key associated with a
public signature verification key.

The signature calculation and signature verification
operations for implementing the access control method
according to the present invention are described
hereinafter in connection with one non-limiting preferred
embodiment of the invention using an encryption or
signature algorithm employing at least one public key and
one private key, the algorithm being the RSA algorithm
developed by RIVEST, SHAMIR and ADLEMAN, for example.
Other public key algorithms can be used without
disadvantage.

Employing the usual terminology, in the context of
the signature calculation and signature verification
processes, if a public key algorithm is used, any
signature key is a private key, which must be kept
secret, whereas any signature verification key is a
public key, which can be divulged. However, if a secret
key algorithm is used and the secret key can be used as
an encryption key to carry out a signature operation, a
key of this kind and the signature verification key must
be secret keys.

By convention, for any private key used to calculate
a signature, the notation used for the calculation of the
signature obtained by application of the private key $K_S$ by
the signature algorithm used, i.e. the RSA algorithm in
the context of this example, is:

$$S_{K_S}(A, B, C)$$

Likewise, the notation used for any signature
verification operation effected by applying the public
key $K_P$ associated with the private key $K_S$ to the
aforementioned signatures or signed messages X, Y, Z, the
signature being a digital message, is:

$$\mathcal{V}_{K_P}(X, Y, Z)$$

In any signature calculation operation, respectively
signature verification operation, A, B, C, respectively
X, Y, Z, designates the arguments subjected to the
signature operation, respectively signature verification
operation, these arguments consisting of messages or
data, of course, as previously mentioned.

By definition, the verification operation using the
public key $K_P$ applied to a signature obtained by means of
a private key $K_S$ applied to an argument A and taking A as
an input parameter produces a Yes/No verification
response. This verification is written:

$$\mathcal{V}_{K_P}(S_{K_S}(A), A) = \text{Yes/No}.$$

If message re-establishing algorithms are used for
the signature and signature verification operations, such
as the RSA algorithm, a verified value VA of the argument
A is obtained, and is supposedly equal to the argument A
itself, of course.

To be more specific, to enable the use of the access
control protocol according to the present invention, the
electronic key and the electronic lock are each provided
with modules $Ca_k$ and $Ca_i$ for calculating and memorising
data, to enable storage in memory of any message
necessary for the identification process, calculation of
the signatures and verification of the signatures to
enable use of the authentication process. The suffixes k
and i represent a physical reference or address allocated
to an electronic key and to an electronic lock,
respectively.

In figure 1a and the subsequent figures, an
electronic key $EK_{kj}$ is used to implement the access
control protocol according to the invention. The suffix k
corresponds to a serial number or identifying number of
the electronic key itself. The suffix j corresponds to a
validation operation reference or address for the
electronic key $EK_{kj}$, as described in more detail later.

Each electronic key $EK_{kj}$ is therefore provided with a
calculation module $Ca_k$ and a message transmission module
$T_k$, represented by a wire antenna connected to the
calculation unit $Ca_k$, the wire antenna enabling
transmission of messages by electromagnetic means, for
example.

The same applies to each electronic lock. Figure 1a
shows a set of electronic locks $B_1$, $B_i$ to $B_N$, each
electronic lock $B_i$ having a calculation and memory module
$Ca_i$ and a transmission module $T_i$ represented by a wire
antenna and enabling electromagnetic transmission and
reception of messages or data, for example.

In the event of an attempt to access a lock $B_i$ using
a key $EK_{kj}$, the respective wire antennas $T_k$ and $T_i$ are
brought face-to-face to enable the exchange of messages
for assuring the previously mentioned logical access
control.

Generally speaking, in figure 1a, as in all the
figures accompanying this description, in any general
block diagram including various actors of the access
control protocol according to the invention, any
transaction, i.e. any exchange of messages between
actors, is represented by an arrow extending from one of
the actors to the other.

If an operation is effected internally, by the
actors, that operation is represented by a closed arrow
indicating internal execution for the actor concerned.

Finally, any transaction between two actors
performed as an antecedent to implementation of the
protocol according to the present invention is
represented by a dashed line arrow.

The access control protocol according to the present
invention between an electronic key and an electronic
lock is implemented under the control of a certification
authority shown diagrammatically in figure 1a and
responsible for general management of the set of
electronic keys $EK_{kj}$ and the set of electronic locks $B_i$
accessible by means of at least one of the electronic
keys.

As shown in figure 1a, the certification authority
can consist of a signature entity which is approved to
choose and define a private key $K_S$ in the context of
execution of the signature algorithms previously referred
to. The private signature key $K_S$ is therefore chosen by
the signature entity and this signature key is neither
communicated nor divulged to any other actor authorised
to use the access control protocol according to the
present invention.

The certification authority further comprises a
validation entity which can be separate from the
signature entity but is related to it hierarchically. The
signature entity communicates to the validation entity
the public key $K_P$ associated with the private key $K_S$ and
authentication data $DA_j$ which in fact consists of the
signature using the private key $K_S$ held by the
certification authority of a certain number of arguments,
including in particular a second public key $K'_P$, a time
period value $PH_j$ associated with the second public key $K'_P$
and, for example, specific auxiliary data AUX. In the
remainder of the description, the time period $PH_j$ is
referred to as the validity time period.

The second public key $K'_P$ is associated with a
private key $K'_S$. The initiative for choosing the second
private key $K'_S$ and the second public key $K'_P$ can be
accorded to the validation entity.

To implement the access control protocol according
to the present invention, each electronic key $EK_{kj}$ is
subjected to a validation operation $V_j$ consisting of
loading and/or downloading the data parameters and
messages held by the validation entity and needed to
implement the access control protocol according to the
present invention into the memory circuits of each of the
aforementioned electronic keys $EK_{kj}$. The operation $V_j$ is
therefore shown in chain-dotted line in figure 1a,
because it is carried out before the first use of a
particular electronic key, of course. During this
operation, the authentication data $DA_j$ and the second
private key $K'_S$ are loaded into the memory circuits of
each electronic key $EK_{kj}$ and appropriate memory circuits
for the data and the key are preferably provided in the
calculation unit $Ca_k$, the memory circuits including at
least one protected memory area whose level of protection
substantially corresponds to that of the protected memory
areas of a smart card, for example, in order to store the
second private key $K'_S$ in a secure manner. The
authentication data $DA_j$ is specifically loaded before one
or more uses of the electronic key $EK_{kj}$.

Thus each electronic key $EK_{kj}$, which is unusable
before any validation operation $V_j$, is in fact replaced by
an operational electronic key $EK_{kj}$, the suffix j
designating the reference to the authentication data $DA_j$
associated with the aforementioned electronic key, and in
particular the validity time period of the second private
key $K'_S$ and the second public key $K'_P$ associated with that
time period.

Also, the validation operation $V_j$ consists of
loading or downloading into each key $EK_{kj}$ the first public
key $K_P$ corresponding to the first private key $K_S$ held by
the certification authority. Specifically, the first
public key $K_P$ is loaded once only into each electronic key
$EK_{kj}$ before one or more successive uses, according to the
key management policy defined by the certification
authority for each application concerned.

A step $V_i$ (figure 1a) of validating each electronic
lock $B_i$ consists of storing in memory and loading and/or
downloading into the memory circuits of each calculation
unit $Ca_i$ the first and second public keys $K_P$, $K'_P$ referred
to previously.

After the aforementioned validation operations $V_j$
and $V_i$, the access control protocol according to the
present invention can be conducted between a validated
electronic key $EK_{kj}$ and any electronic lock $B_i$ that has
also been validated, as previously mentioned.

Any attempt at access by an employee holding an
electronic key $EK_{kj}$ entails that person bringing together
the respective transmission units $T_k$ and $T_i$ of the
electronic key and the electronic lock.

This having been effected (by way of non-limiting
example) between the key and the lock $B_i$ shown in figure
1a, the electronic key $EK_{kj}$ sends the electronic lock $B_i$
an identification request message $A_{ki}$. The identification
request message can be an identification number specific
to the electronic key $EK_{kj}$, for example. Following
verification of the identification request message $A_{ki}$,
the electronic lock $B_i$ can implement the access control
protocol according to the present invention, as described
hereinafter. The aforementioned verification operation
can simply consist of verifying the value of the message
communicated against reference values.

Referring to the aforementioned figure, the access
control protocol according to the present invention
consists at least of transmission from the electronic
lock $B_i$ to the electronic key $EK_{kj}$ of a random variable
message $a_{ij}$ prompting authentication of the electronic
key, after reception by the electronic lock $B_i$ of the
identification request message $A_{ki}$ sent to it by the
accessing electronic key.

Following reception by the electronic key of the
random variable message $a_{ij}$ prompting authentication, the
key calculates a signature value $C_i$ of the random variable
message prompting authentication. In figure 1a, this step
is denoted:

$$C_i = S_{K'_S}(a_{ij}).$$

Given the convention indicated, the signature value of
the random variable message prompting authentication is
obviously obtained from the second private key $K'_S$. It is
clear in particular that the signature operation $C_i$ in
respect of the random variable message prompting
authentication $a_{ij}$ in fact establishes the right of access
of the electronic key to the electronic lock for the true
value of that signature. It is further clear, in
accordance with one particularly advantageous aspect of
the protocol according to the present invention, that the
right of access is modified for each transaction and each
attempted access.

Following this signature calculation step, the
electronic key $EK_{kj}$ transmits to the electronic lock $B_i$
the signature and specific authentication data $DA_j$, the
data being specific to the validity time period $PH_j$ of the
second private key $K'_S$ and the second public key $K'_P$
associated with that validity time period, of course. The
aforementioned transmission operation is denoted $C_i$, $DA_j$
in figure 1a.

Following reception by the electronic lock $B_i$ of the
signature value $C_i$ and the specific authentication data
$DA_j$, the electronic lock $B_i$ verifies the authenticity of
the signature value as a function of the specific
authentication data, as shown by a closed arrow in figure
1a. In the same manner as previously, the aforementioned
verification operation by the electronic lock $B_i$ is
denoted $\mathcal{V}_{K_P K'_P}((C_i, DA_j), K_P, K'_P) = \text{Yes/No}$.

Given the convention previously adopted, it is clear that
the aforementioned verification step is effected by
applying the first and second public keys $K_P$, $K'_P$, taken
as parameters. The application of the aforementioned keys
can also restore verified values of the random variable
message transmitted by the electronic lock $B_i$ to the
electronic key and the specific authentication data $DA_j$.
The verification operation enables the electronic lock $B_i$
to decide to accept or refuse the requested access,
according to whether they are authentic or not. Thus in
the event of a positive result (Yes) of the
aforementioned verification step, access is allowed
whereas in the event of a negative result (No) access is
refused.

A sequential description of the access control
protocol according to the invention, as shown by the
general block diagram in figure 1a, will now be given
with reference to figure 1b.

In figure 1b, step 1000 represents the step of
transmission by the electronic key $EK_{kj}$ of the
identification request message $A_{ki}$. That step is followed
by a step 1001 representing the transmission of the
random variable message $a_{ij}$ by the electronic lock $B_i$ to
the electronic key $EK_{kj}$. The next step 1002 represents,
based on the initial validation data $V_j$, and successively,
the calculation of the random variable message signature
$C_i$ and transmission of the signature and the specific
authentication data $DA_j$. The preceding step 1002 is itself
followed by the step 1003, effected by the electronic
lock and based on the initial validation data $V_i$, of
verifying the authenticity of the signature value,
according to the specific authentication data.

By way of non-limiting example, and for simplicity,
the aforementioned verification step can generate a
verification variable V, itself corresponding to a logic
value 0 or 1, i.e. to the Yes or No result mentioned
previously. This being the case, step 1003 is then
followed by a step 1004 which is carried out at the level
of the electronic lock to verify the true value of the
verification logic variable V or the Yes, No result. The
true value of the latter leads to authorisation of access
(step 1006) whereas the absence of a true value leads to
refusal of access (step 1005).

With regard to the nature of the specific
authentication data $DA_j$ transmitted by the electronic key
$EK_{kj}$ to the electronic lock $B_i$, as shown in figure 1a, the
data consists of at least a public key certificate
associated with the private signature key $K'_S$. The public
key certificate consists of a digital signal value of at
least one validity time period $PH_j$ relative to a right of
access and the second public key $K'_P$.

Accordingly, given the convention previously
indicated, the specific authentication data $DA_j$
corresponds to the signature of various arguments such
as the second public key $K'_P$ associated with the private
signature key $K'_S$, at least one time period $PH_j$ associated
with the second public key $K'_P$, the specific
authentication data $DA_j$ being obtained by application of
the private signature key $K_S$ of the signature entity. In
particular, it is clear for example that various time
period values can be used, for example by employing a
diversity program for choosing a specific time period
from among several such periods.

Note, however, that apart from the two second public
key arguments $K'_P$ and $PH_j$ previously mentioned, another
argument relating to the auxiliary data AUX can be
subjected to the aforementioned signature operation $S_{K_S}$.
The auxiliary data can advantageously comprise, although
this is not limiting on the invention, a serial number of
the associated electronic key $EK_{kj}$, that serial number
representing a code of the suffix k indicative of the
aforementioned electronic key. Other digital values or
data can be transmitted by the electronic key, by way of
the field relating to the auxiliary data, as described
later.

The transmission steps 1000, 1001 and the
transmission substep of step 1002, as shown in figure 1b,
are performed by the transmission systems of the
electronic key $EK_{kj}$ and the lock $B_i$, denoted by the
reference $T_i$ in the case of the lock.

Finally, in one advantageous embodiment of the
access control protocol according to the present
invention, the step of transmitting the electronic key
$EK_{kj}$ to the electronic lock $B_i$, shown in figure 1a and
referenced 1002 in figure 1b, can consist of transmitting
the second public key $K'_P$ obtained from the authentication
data $DA_j$, for example, in addition to the signature value
$C_i$ of the random variable message prompting authentication
and the authentication data $DA_j$. For this reason, the
second public key $K'_P$ is shown in parentheses during the
transmission step shown in figure 1a and referenced 1002
in figure 1b. In a case like this, it is naturally not
necessary to store the second public key $K'_P$ in memory in
the electronic lock during the operation $V_i$ to validate
each electronic lock $B_i$. The first public key $K_P$ is then
used during the operation of verifying the authentication
data $\mathcal{V}_{K_P K'_P}(C_i, DA_j)$ to attest to the authenticity of the
second public key $K'_P$ transmitted.
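
The exchange of steps 1000 to 1006, in the embodiment just described where the key transmits K'_P and the lock stores only K_P, as an added example that is not part of the patent text. It assumes hash-then-sign textbook RSA with toy keys built from small Mersenne primes instead of a message re-establishing RSA scheme, a lock clock supplied as `now`, and hypothetical class, field and function names.

```python
import hashlib
import secrets

# Assumptions (not from the patent): toy textbook RSA over a SHA-256 digest,
# fixed small primes, and all names below. Never use keys of this size.
E = 65537  # public exponent shared by the toy keys

def make_keypair(p, q):
    """Build a toy RSA pair (public, private) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def _digest(parts, n):
    # Length-prefix each argument so (A, B) cannot be confused with (AB,).
    data = b"".join(len(s).to_bytes(4, "big") + s
                    for s in (str(x).encode() for x in parts))
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, *args):
    """S_K(A, B, C): signature of the arguments under a private key."""
    n, d = private
    return pow(_digest(args, n), d, n)

def verify(public, signature, *args):
    """V_K(S, A, B, C): True (Yes) or False (No)."""
    n, e = public
    return pow(signature, e, n) == _digest(args, n)

# Constructed keys: K_P/K_S for the certification authority, K'_P/K'_S for the key.
K_P, K_S = make_keypair(2**127 - 1, 2**89 - 1)
KP2, KS2 = make_keypair(2**107 - 1, 2**61 - 1)

class ElectronicKey:
    """EK_kj after validation V_j: holds K'_S and the certificate DA_j."""
    def __init__(self, serial, period):
        self.serial, self.period = serial, period
        self.da = sign(K_S, KP2, period, serial)  # DA_j = S_KS(K'_P, PH_j, AUX)

    def respond(self, challenge):
        # Step 1002: C_i = S_K'S(a_ij), sent with DA_j and its arguments.
        return {"c": sign(KS2, challenge), "da": self.da, "kp2": KP2,
                "period": self.period, "aux": self.serial}

class ElectronicLock:
    """B_i after validation V_i: stores only the authority's key K_P."""
    def __init__(self):
        self.pending = None

    def challenge(self):
        # Step 1001: fresh random variable message a_ij, usable once.
        self.pending = secrets.randbits(128)
        return self.pending

    def check(self, msg, now):
        # Step 1003: returns True to grant access, False to refuse it.
        a_ij, self.pending = self.pending, None  # consume the challenge
        if a_ij is None:
            return False
        # Certificate check: DA_j must be the authority's signature.
        if not verify(K_P, msg["da"], msg["kp2"], msg["period"], msg["aux"]):
            return False
        start, end = msg["period"]
        if not start <= now <= end:  # outside the validity period PH_j
            return False
        # Challenge check: C_i must verify under the certified K'_P.
        return verify(msg["kp2"], msg["c"], a_ij)

def run_scenarios():
    """Play a legitimate access and four refused ones; return the outcomes."""
    key, lock = ElectronicKey(serial=42, period=(1000, 2000)), ElectronicLock()
    out = {}
    recorded = key.respond(lock.challenge())
    out["legitimate"] = lock.check(recorded, now=1500)
    lock.challenge()  # new attempt, new a_ij
    out["playback"] = lock.check(recorded, now=1500)  # old C_i replayed
    out["expired"] = lock.check(key.respond(lock.challenge()), now=2500)
    altered = dict(key.respond(lock.challenge()), period=(1000, 9999))
    out["altered_period"] = lock.check(altered, now=2500)
    rogue_pub, rogue_priv = make_keypair(2**31 - 1, 2**19 - 1)
    a_ij = lock.challenge()
    rogue = dict(recorded, c=sign(rogue_priv, a_ij), kp2=rogue_pub)
    out["uncertified_key"] = lock.check(rogue, now=1500)
    return out

if __name__ == "__main__":
    print(run_scenarios())
```

The playback case fails at the challenge check and the last two at the certificate check, which is why the lock needs both signatures.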

Generally speaking, the step of verification of the
authenticity of the signature value by the electronic
lock can be effected by means of a secret key when the
signature calculation operation is based on that secret
key or another secret key or a public key if the
signature operation is based on a private key.

A more detailed description of the verification step
1003 effected by the electronic lock $B_i$ will now be given
with reference to figure 1c, in the specific but
non-limiting situation of using a message re-establishing
algorithm such as the RSA algorithm.

As shown in the aforementioned figure, the
verification step 1003 includes, in succession, a first
verification step 1003a effected by the electronic lock
Bi, this verification consisting of verifying the
authenticity of the specific authentication data DAj
against reference data comparison criteria stored
previously in the memory circuits of the electronic key
EKkj. It is clear in particular that applying the first
public key Kp available to the signature provides a
verified value of the public key K'p associated with the
private signature key K's, given the conventions referred
to above, the verified public key value denoted VK'p, and
a verified value of the time period PHj. The auxiliary
data is also reproduced when auxiliary data is
transmitted by means of the argument AUX in the signature
Accordingly, and in a manner that is not limiting on
the invention, the reference data stored in the memory
circuits of the electronic key EKkj does not correspond
only to the second public key K'p associated with the
private signature key K's, the time period value PHj and,
where applicable, the serial number of the key, which can
be stored in a protected read-only circuit. The verified
values following the operation of verifying the reference
values can then be compared by a simple equality
comparison 1003a. In step 1003a there is merely shown the
equality test on the verified value of the second public
key VK'p against the stored value of the second public key
K'p.

In the event of a positive result of the
aforementioned comparison in step 1003a, a second
verification is performed by the electronic lock Bi in
step 1003b. As shown in the aforementioned figure, this
second verification consists of verifying the signature
value of the random variable message prompting
authentication.

Given the previous conventions, the second
verification is denoted:

$$\mathcal{V}_{K'_p}(C_i) = \mathcal{V}_{K'_p}(S_{K'_s}(a_{ij}))$$

Clearly during this second verification step performed in
step 3000b, a verified value Vaij is obtained for the
random variable message prompting authentication. The
verified value of the random variable message prompting
authentication can then be compared with the random
variable message prompting authentication aij, which will
have been stored beforehand in the memory circuits of the
electronic lock Bi, of course.

Thus it is clear that the second verification of the
signature value is conditional on verification of the
second public key K'p associated with the private
signature key K's and therefore, in the final analysis, on
the aforementioned specific authentication data DAj.

Generally speaking, the first verification of the
authenticity of the specific authentication data,
represented in step 1003a in figure 1c, can consist of
checking the validity time period PHj associated with the
second public key K'p. By applying the first public key Kp
to the signature (K'p, PHj, AUX), the verification step
enables the value of the validity time period PHj
associated with the second public key K'p to be obtained,
alone, of course.

As shown in figure 1d, the random variable message
prompting authentication aij mentioned above can depend on
an identification value CBi of the electronic lock. It can
correspond to a serial number or a coded arbitrary number
allocated to the aforementioned electronic lock Bi.

As also shown in figure 1d, the random variable
message aij can also depend on a continuously increasing
variable count value CO which can correspond to a date
value expressed as a year Y, month M, day D, hour H,
minute m and second s.

It is clear, for example, that the field CBi and the
field CO relating to the identification value of the
electronic lock and to the continuously increasing
variable value can be coded on the same number of bits,
for example 32 or more bits, in which case each field can
be combined bit-by-bit on the basis of a logical
composition law ⊕, for example, to generate a component
rij of the random variable message prompting
authentication, as shown in figure 1d. The composition
law is an exclusive-OR operation, for example. The random
variable message aij is then obtained by concatenating the
component rij and the fields CBi and CO. This coding
method guarantees that the random variable message
obtained is not repetitive.

Although the field relating to the serial number of
the electronic lock CBi can be given by any protected
memory element available in the memory circuits of the
aforementioned electronic lock, the count value CO can be
delivered either by an incremental counter or by an
internal clock available in each electronic lock. Using
an incremental counter has the advantage of simplifying
the circuits required to implement each electronic lock.

One particularly advantageous embodiment of the
access control protocol according to the present
invention between an electronic key and an electronic
lock will now be described with reference to figure 1e.

Figure 1e shows the electronic key EKkj as shown in
figure 1a, for example. However, in addition to the
calculation circuits Cak associated with the
aforementioned electronic key, the key has an internal
clock CK. The internal clock delivers a clock signal VCK
to the corresponding calculation unit Cak.

This being so, and as shown in figure 1e, the
protocol according to the present invention further
consists of an auxiliary verification step 1007 for
verifying authorisation of signature calculation for the
random variable message prompting authentication. The
auxiliary verification step is carried out by the
electronic key EKkj following reception of the random
variable message prompting authentication aij in step
1001, as shown in figure 1a, but before the step of
calculation and transmission of a signature value by the
electronic key, as shown in step 1002 in the
aforementioned figure.

The auxiliary verification step 1007 consists of
using the first public key Kp to check the public key
certificate and the validity time period PHj associated
with the aforementioned second public key K'p against the
internal clock.

Given the above conventions, and taking the second
public key K'p as a parameter, the verification operation
is denoted:

$$\mathcal{V}_{K_p}(S_{K_s}(K'_p, PH_j, \mathrm{AUX}), K'_p) = \text{Yes/No}$$

However, using a message re-establishment algorithm leads
to an operation denoted:

$$\mathcal{V}_{K_p}(S_{K_s}(K'_p, PH_j, \mathrm{AUX}))$$

which produces the verified value VK'p of the second
public key which can be compared to the value of the
second public key K'p, as previously mentioned.

The aforementioned verification step then provides
the verified value of the validity time period PHj. The
value of the clock signal VCK is compared to the validity
time period PHj to verify the validity of the second
public key K'p with which the aforementioned validity time
period is associated. For example, the value of the clock
signal VCK for a given validity time period can be
compared to the limits which define the aforementioned
validity time period PHj.

Step 1007a is followed by a step 1007b consisting of
verifying the association of the second private signature
key K's with the second public key K'p whose validity was
verified in the preceding step 1007a. The association
verification operation carried out in step 1007b can
consist of calculating a signature $S_{K'_s}(X)$ obtained by
applying the second private signature key K's to a random
variable X generated by the electronic key EKkj (see
figure 1e). A verification step applied to the
verification signature value $S_{K'_s}(X)$ then constitutes the
association verification step, the verification applying
to the signature calculated previously and being denoted:

$$\mathcal{V}_{K'_p}(S_{K'_s}(X))$$

This verification step produces a verified value VX of
the random variable X in step 1007b. A test which
compares the verified value VX of the random variable X
with the previously stored random variable X determines
the validity of the association of the second private
signature key K's with the second public key K'p, whose
validity was verified in the preceding step 1007a.

Verifying that the validity time period PHj is
compatible with the clock signal VCK, that the verified
value VK'p of the second public key K'p is identical to
the value of the second public key K'p, and that the
verified value of the random variable VX is identical to
the value of the random variable X constitutes a test
which, if the result is positive (step 1007c, see figure
1e), enables the protocol according to the present
invention to continue (step 1007e), which is followed by
the signature of the random variable message prompting
authentication aij (step 1002). In the event of a negative
result, the aforementioned protocol is interrupted (step
1007d).

Performing the verification operations 1007a and
1007b using the message re-establishment signature
verification algorithms, such as the RSA algorithm,
previously referred to can preferably be carried out when
the second public key K'p is transmitted, in the
subsequent step of transmitting the electronic key EKkj to
the electronic lock Bi. In any other case, in the absence
of such transmission, the verification operation can be
reduced to an operation of the following type, taking the
second public key K'p as parameter:

$$\mathcal{V}_{K_p}(S_{K_s}(K'_p, PH_j, \mathrm{AUX}), K'_p) = \text{Yes/No}$$

What is more, the protocol according to the present
invention can be adapted to limit all attack outside of
the validity time period PHj associated with the second
public key K'p.

To this end, as shown in figure 1f, during the step
of verification by the electronic lock Bi of the
authenticity of the signature value (step 1003 in figure
1a and more particularly steps 1003a and 1003b in figure
1c), following the first step 1003a of verifying the
authenticity of the specific authentication data DAj,
consisting of checking the validity time period
associated with the first public key Kp, but prior to the
second verification step 1003b shown in figure 1c, a
plurality of tests (1003a1, figure 1f) can be carried out
to limit all attack outside the aforementioned validity
time period. In figure 1f, the plurality of tests is
represented, in a manner that is not limiting on the
invention, as a comparison, within the aforementioned
validity time period, of the count value CO delivered by
the electronic lock Bi or, where applicable, a time signal
delivered by a clock when the electronic lock has a
clock. To be more specific, this test can consist of
comparing the count value CO to limits defining the
aforementioned validity time period PHj, for example. If
the count variable CO or the corresponding time signal is
not inside the validity time period, the electronic lock
Bi refuses any attempt at access. Other tests limiting
attack outside the validity time period can be
considered.

With regard to tests for limiting all attack outside
a particular time period PHj, a preferred non-limiting
embodiment will be described hereinafter in the situation
where the electronic key has a real-time clock. At the
time of any attempt at access, if the verification step
such as the step 1007a has been effected validly at the
level of the electronic key EKkj, in particular the test
for the compatibility of the time variable delivered by
the clock signal VCK with the time period PHj, the current
time variable VCK delivered by the real-time clock is
stored in the electronic key EKkj.

During the step of transmitting the electronic key
EKkj to the electronic lock Bi, shown in Fig. 1a and
referenced 1002 in Fig. 1b, the time variable VCK is
transmitted in addition to the signature value Ci and the
authentication data DAj, and the second public key K'p
where applicable. For this reason the time variable is
shown in brackets.

The subsequent verification steps can then be
performed in the electronic lock Bi.

As shown in figure 1f, for a count value CO
delivered by a counter in the electronic lock Bi, a count
value at the time of the attempt at access and a
reference value VCref corresponding to a count value at
the time of a previous attempt at access, for example,
are stored in the lock.

For a time period PHj reduced to a time interval
[VH1, VH2], it is verified that the time variable VCK
stored in memory and transmitted is after VH1 and before
VH2 and also that VCK is after VCref. If any of the
foregoing verifications is not satisfied, access to the
lock Bi is barred. It is accepted otherwise.

Of course, and in a manner that is not limiting on
the invention, the time period PHj can comprise a
plurality of non-contiguous time intervals. In this case,
the time period PHj can be expressed in the form of a
union of time intervals, in which ∪ represents the UNION
operator:

$$PH_j = [VH_1, VH_2] \cup [VH_3, VH_4] \cup \dots \cup [VH_{n-1}, VH_n]$$

The limits which delimit each time interval can
advantageously each be expressed as a date in the form
day, month, year and a time in the form hour, minute,
second.
To confer a very high level of security on the
access control protocol according to the present
invention, even more strict measures can be applied, in
particular at the level of the electronic key EKkj, to
limit further risk of fraudulent use of the electronic
key, in particular if it is lost or stolen. To this end,
as shown in figure 1g, the step 1002 shown in figure 1a
of calculating a signature value of the random variable
message prompting authentication can be preceded by a
signature authorisation auxiliary verification step,
repeating some parts of the verification step 1007 shown
in figure 1e, but increasing the security level of the
verification by introducing a step of self-invalidation
of the electronic key EKkj under conditions explained
below.

The electronic key EKkj includes a clock CK
delivering a clock signal VCK required for implementing
the auxiliary verification step shown in figure 1g, in
the same manner as in the case of implementing the
auxiliary verification step of figure 1e.

This being so, as shown in figure 1g, the auxiliary
verification step 1007 comprises a step of checking that
a time variable, the clock signal VCK delivered by the
real-time clock CK, is inside the validity time period
PHj. Clearly, to this end, the step 1007a shown in figure
1g corresponds substantially to the step 1007a shown in
figure 1e.

Likewise the step 1007b shown in both of the
aforementioned figures.

In the case of figure 1g, the step 1007c of figure
1e is in fact subdivided into two sub-steps 1007c1 and
1007c2, for example.

The step 1007c1 consists of testing that the time
variable VCK delivered by the real-time clock is inside
the validity time period PHj. If the result of the test in
step 1007c1 is positive, step 1007c2 compares the verified
value VK'p of the second public key K'p to the value of
the second public key K'p and the verified value VX of the
random variable X to the aforementioned random variable
X, for example.

If the result of the test in step 1007c1 is
negative, for example, in other words if the time
variable VCK is not inside the time period PHj, the
protocol according to the present invention consists of
executing a step 1007c3 which invalidates the electronic
key EKkj. The invalidation step 1007c3 then leads, of
course, to a step 1007d of interrupting the access
control protocol according to the present invention, on
the grounds that the electronic key cannot be used.

Various techniques can be used to invalidate the
electronic key EKkj, such as short-circuiting the supply
voltage of the electronic circuits, i.e. the calculation
circuit Cak of the electronic key, and dissipating all of
the electrical energy powering those circuits, or where
applicable setting one or more switch-off variables for
inhibiting the operation of the electronic key concerned.

On the other hand, if the result of the test in step
1007c2 shown in figure 1g is positive, the protocol
continues (step 1007e, i.e. step 1002 of calculating the
signature of the random variable prompting authentication
aij as shown in figure 1a).

Variants of the access control protocol according to
the present invention are naturally feasible, in
particular to assure an optimum level of security, both
at the level of each electronic key EKkj and at the level
of each electronic lock Bi.

Figure 2a shows a variant of the access control
protocol according to the present invention which is
particularly noteworthy in that no second public key K'p
is stored in memory in each electronic lock Bi.

To this end, firstly, the operation of validating
each electronic lock Bi consists of a validation operation
Vi in which only the first public key Kp is stored in the
memories of the calculation units of each electronic lock.

Secondly, the operation Vj of validating each
electronic key EKkj consists of transmitting only the
specific authentication data DAj and the second private
signature key K's. The second private signature key K's is
transmitted and stored in the memories of the calculation
circuits Cak of the electronic key EKkj.

During attempted access, in accordance with the
protocol according to the present invention, the steps of
transmitting the access request identification message Aki
and the random variable message prompting authentication
aij from the electronic lock Bi to the electronic key EKkj
are unchanged.

On the other hand, the step 1002 previously
described of calculating the signature value of the
random variable message prompting authentication aij is
modified in the following manner. The authentication data
is verified first, this verification being denoted
$\mathcal{V}_{K_p}(S_{K_s}(K'_p, PH_j, \mathrm{AUX}))$.

With the preceding convention, the second public key
K'p is restored, which enables the signature value
$C_i = S_{K'_s}(a_{ij})$ of the random variable message to be
calculated on the basis of the available second private
signature key K's. Because the signature value is
available and stored in memory, the operation of
transmitting the signature Ci of the random variable
message prompting authentication, the specific
authentication data DAj and the second public key K'p to
the lock Bi can be carried out.

The protocol according to the present invention is
then resumed at step 1003 of figure 1a for example by the
lock Bi.

All the verification steps, followed by the steps of
calculating the signature values Ci, followed by the
aforementioned transmission, are represented in steps
1002a, 1002b, 1002c of figure 2b, prior to execution of
the step 1003 previously mentioned.
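
The exchange of the figure 2a variant, together with the challenge construction of figure 1d and the time tests of figure 1f, as an added Python example that is not part of the patent text. The certificate byte layout, the toy Mersenne-prime keys, the unpadded textbook RSA and the reading of VCref as the last accepted VCK are assumptions of this example.

```python
import secrets

E = 65537  # public exponent for both toy key pairs (assumed)

def keypair(p, q):
    """Return (public, private) textbook-RSA keys built from two primes."""
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def sign(priv, m):
    """S_K(m): signature with message recovery. Unpadded, illustration only."""
    n, d = priv
    if not 0 <= m < n:
        raise ValueError("message does not fit the modulus")
    return pow(m, d, n)

def recover(pub, sig):
    """V_K(sig): re-establish the signed message from the signature."""
    return pow(sig, pub[1], pub[0])

# Assumed certificate layout (byte widths): K'p = (n, e), PHj = [vh1, vh2], AUX.
FIELDS = (("n", 25), ("e", 4), ("vh1", 4), ("vh2", 4), ("aux", 4))

def pack(cert):
    return int.from_bytes(b"".join(cert[k].to_bytes(w, "big") for k, w in FIELDS), "big")

def unpack(m):
    """Return the certificate fields, or None when m is not a well-sized encoding."""
    try:
        raw = m.to_bytes(sum(w for _, w in FIELDS), "big")
    except OverflowError:
        return None
    cert, pos = {}, 0
    for name, w in FIELDS:
        cert[name], pos = int.from_bytes(raw[pos:pos + w], "big"), pos + w
    return cert

def challenge(cb, co):
    """aij = rij || CBi || CO with rij = CBi XOR CO, each field 32 bits."""
    return ((cb ^ co) << 64) | (cb << 32) | co

class Key:
    def __init__(self, kp, da, ks2):
        self.kp, self.da, self.ks2 = kp, da, ks2     # Kp, DAj, K's

    def respond(self, a, vck):
        """Return (Ci, DAj, K'p, VCK), or None when the key interrupts the protocol."""
        cert = unpack(recover(self.kp, self.da))     # restore K'p and PHj with Kp
        if cert is None or not cert["vh1"] <= vck <= cert["vh2"]:
            return None                              # 1007a: outside PHj
        kpp = (cert["n"], cert["e"])
        x = secrets.randbelow(self.ks2[0])
        if recover(kpp, sign(self.ks2, x)) != x:
            return None                              # 1007b: K's does not match K'p
        return sign(self.ks2, a), self.da, kpp, vck  # 1002

class Lock:
    def __init__(self, kp, cb):
        self.kp, self.cb = kp, cb                    # only Kp is stored (figure 2a)
        self.co, self.vc_ref, self.a = 0, 0, None

    def issue_challenge(self):
        self.co += 1                                 # incremental counter CO
        self.a = challenge(self.cb, self.co)
        return self.a

    def verify(self, c, da, kpp, vck):
        a, self.a = self.a, None                     # each challenge is used once
        cert = unpack(recover(self.kp, da))          # 1003a: VK'p and PHj from DAj
        if cert is None or (cert["n"], cert["e"]) != tuple(kpp):
            return "refused: certificate"
        if not cert["vh1"] <= vck <= cert["vh2"] or vck <= self.vc_ref:
            return "refused: time"                   # 1003a1: inside PHj, after VCref
        if a is None or recover(kpp, c) != a:        # 1003b: Vaij against stored aij
            return "refused: signature"
        self.vc_ref = vck
        return "accepted"

def demo():
    mersenne = lambda k: 2**k - 1                    # prime for k = 89, 107, 127, 521, 607
    kp, ks = keypair(mersenne(521), mersenne(607))   # authority pair Kp, Ks
    kpp, ks2 = keypair(mersenne(89), mersenne(107))  # key pair K'p, K's
    fields = {"n": kpp[0], "e": kpp[1], "vh1": 1000, "vh2": 2000, "aux": 7}
    da = sign(ks, pack(fields))                      # DAj = S_Ks(K'p, PHj, AUX)
    lock, key = Lock(kp, cb=0xB10C0001), Key(kp, da, ks2)
    first = key.respond(lock.issue_challenge(), vck=1500)
    out = [lock.verify(*first)]                                  # valid attempt
    lock.issue_challenge()
    out.append(lock.verify(first[0], da, kpp, 1600))             # old Ci, new aij
    out.append(key.respond(lock.issue_challenge(), vck=2500))    # key clock past PHj
    _, other_ks = keypair(mersenne(521), mersenne(127))          # not the authority
    bad_da = sign(other_ks, pack({**fields, "vh2": 9999}))
    fresh = sign(ks2, lock.issue_challenge())
    out.append(lock.verify(fresh, bad_da, kpp, 1700))            # DAj not signed by Ks
    late = key.respond(lock.issue_challenge(), vck=1400)
    out.append(lock.verify(*late))                               # VCK not after VCref
    return out

if __name__ == "__main__":
    print(demo())
```
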

There follows a description with reference to 
Figures 3a and 3b of the architecture of an electronic 
key and an electronic lock for implementing the access 
control protocol according to the present invention. 

Figure 3a shows an electronic key EKkj which has a
cryptographic calculation module Cak, a message or data
transmission module Ek and a transmit/receive wire antenna
Tk, as previously described. The cryptographic calculation
module comprises, in addition to a central processor unit
CPU, a protected access memory area 1 for storing at
least one signature value of a validity time period
allocated to the electronic key, that signature value
corresponding of course to the specific authentication
data DAj previously mentioned. The protected access memory
area 1 is also used to store a signature verification
key, the first public key Kp, i.e. the aforementioned
signature, consisting of the specific authentication
data. It also stores a signature key, the second
signature key K's mentioned previously. This embodiment
corresponds to the embodiment of the protocol according
to the present invention shown in figure 1a.

The cryptographic calculation module Cak also
includes a read-only memory (ROM) 2 enabling the central
processor unit CPU to call programs for calculating the
signature value of a random variable message, i.e. the
message aij previously mentioned, and for signature
verification on the basis of the signature keys,
respectively signature verification keys, i.e. the keys
K's and Kp previously mentioned. The read-only memory 2 of
the key stores programs for calculating signature values
of the random variable message and verifying signatures
on the basis of the signature keys K's and signature
verification keys Kp, K'p, as in the flowcharts shown in
figures 1e and 1g previously described.

In addition to the above, and depending on the
embodiment of the protocol according to the present
invention used, the cryptographic calculation module Cak
includes a clock 3, for example, delivering the clock
signal VCK to the central processor unit CPU and, of
course, a scratchpad random access memory (RAM) 4.

Finally, the system has a serial port PS for 
implementing the validation step Vj previously mentioned. 

With regard to the electronic lock Bi shown in
figure 3b, it has, of course, a cryptographic calculation
module Cai and a message transmission/reception module Ei
both associated with an antenna Ti which is shown as a
wire antenna in figure 3b, without this being limiting on
the invention.

The cryptographic calculation module Cai includes a
protected access memory area in addition to a central
processor unit CPU. The protected access memory area is
used to store at least one public signature verification
key, i.e. the first public key Kp and the second public
key K'p in the embodiment of the protocol according to the
present invention shown in figure 1a, or respectively to
store a single public key, i.e. the first public key Kp
in the embodiment of the protocol according to the
present invention shown in figures 2a and 2b.

What is more, a read-only memory 6 connected to the
central processor unit enables the central processor unit
to call signature verification programs based on the
public key or keys Kp, K'p previously mentioned. The
read-only memory 6 stores signature verification programs, for
example, whose flowchart corresponds to that shown in
figures 1d, 1c and 1f previously described. Similarly, a
counter 7 or if necessary a real-time clock and a serial
port PS are provided.

An access control protocol between an electronic key
and an electronic lock has therefore been described, the
electronic lock applying access control in a particularly
powerful manner in that the electronic key, which has
cryptographic potential, is able to authenticate its
attempt to access each of the accessed electronic locks.

A protocol of the above kind would appear to be of
major benefit because the operation of signature by the
key of the random variable message prompting
authentication constitutes a variable right of access,
changing on each transaction, so that playback is
prevented.

Finally, the protocol according to the present
invention can be used to optimise the overall security
level in that a single signature verification public key
can be stored in each electronic lock. It constitutes a
secure method of access control. The optimisation is
adapted to suit the application.

The protocol according to the present invention and
the electronic key and the electronic lock for
implementing the protocol would appear to be particularly
suitable for management by approved employees of
strongboxes or mailboxes, for example.
CLAIMS

1. An access control protocol between an
electronic key and an electronic lock performing access
control, in which protocol, following presentation of
said electronic key to said electronic lock, a random
variable message prompting authentication of the
electronic key is transmitted from said electronic lock
to said electronic key, characterised in that, on
receiving said random variable message prompting
authentication, the protocol consists of at least, in
succession:

- calculating and transmitting from said electronic
key to said electronic lock a signature value of said
random variable message prompting authentication and
specific authentication data, said specific
authentication data transmitted by said electronic key to
said electronic lock consisting of at least one public
key certificate associated with said private signature
key, said public key certificate consisting of a digital
signature value of at least one validity time period
relating to a right of access and of said public key,
said signature value being calculated from a private
signature key and the specific authentication data, and,
after reception by said electronic lock of said signature
value and said specific authentication data:

- verification by said electronic lock of the
authenticity of said signature value as a function of
said specific authentication data and, in response to a
positive or negative result of said verification:

- acceptance or respectively refusal of said access.

2. A protocol according to claim 1, characterised
in that the step of verification by the electronic lock
of the authenticity of the signature value uses a secret
key or a public key.

3. A protocol according to claim 1, characterised
in that said step of verification of said signature value
by said electronic lock includes, in succession:

- verification by said electronic lock of the
authenticity of said specific authentication data based
on comparison with reference data and, in the event of a
positive result of said comparison:

- verification by said electronic lock of said
signature value as a function of said specific
authentication data.

4. A protocol according to claims 1 and 3,
characterised in that said step of verification by said
electronic lock of the authenticity of said specific
authentication data consists of checking said validity
time period associated with said public key.

5. A protocol according to claim 3, characterised
in that validity time period includes a plurality of
non-contiguous time intervals.

6. A protocol according to claim 3 or claim 4,
characterised in that each validity time period consists
of at least one time interval having two limits each
expressed as a date in terms of day, month, year and a
time in terms of hour, minute, second.

7. A protocol according to any preceding claim,
characterised in that said random variable message
prompting authentication is a function of an
identification value of said electronic lock and a
continuously increasing variable value.

8. A protocol according to any of claims 1 to 7,
characterised in that, after reception of said random
variable message prompting authentication by said
electronic key but before the step of calculation and
transmission of a signature value by said electronic key,
said electronic key having an internal clock, said
protocol further consists of an auxiliary verification
step for authorising calculation of the signature of said
random variable message prompting authentication, said
auxiliary verification step consisting of:

- using said public key to verify said public key
certificate and said validity time period associated with
said public key against said internal clock, to verify
the validity of said public key,

- verifying the association of said private
signature key and said public key, whose validity has
been verified in the preceding step, and, on the basis of
positive and negative result criteria for the preceding
two verification steps:

- continuing or respectively interrupting said
access control protocol.

9. A protocol according to any of claims 3 to 8,
characterised in that it further comprises a plurality of
tests limiting all attack outside said validity time
period, which tests are performed during said step of
verification by said electronic lock of the authenticity
of said signature value, after said step of verification
by said electronic lock of the authenticity of the
specific authentication data consisting of checking said
validity time period associated with said public key but
before said step of verification by said electronic lock
of the authenticity of said signature value said protocol
further comprising a plurality of tests limiting any
attack outside said validity time period.

10. A protocol according to any of claims 1 to 9,
characterised in that it comprises, before said step of
calculation and transmission from said electronic key to
said electronic lock of a signature value of said random
variable message prompting authentication and specific
authentication data, said electronic key including a
real-time clock:

- a step of testing if a time variable delivered by
said real-time clock is inside said validity time period
and, in the event of a negative result of said test:

- a step of invalidation of said electronic key
interrupting said access control and leading to refusal
of said access by said electronic lock.

11. An electronic key comprising cryptographic
calculation means and message or data transmission means
for implementing a protocol according to any of claims 1
to 10 for controlling access to an electronic lock by
said electronic key, characterised in that, in addition
to a central processor unit, said cryptographic
calculation means include at least:

- a protected access memory area for storing at
least one signature value of a validity time period
allocated to said electronic key and a signature or
signature verification key, and

- a read-only memory used to call programs for
calculating the signature value of a random variable
message delivered by said electronic lock and for
signature verification on the basis of said signature
keys, respectively signature verification keys.

12. An electronic lock comprising cryptographic
calculation means and message or data transmission means
for implementing a protocol according to any of claims 1
to 10 for controlling access to said electronic lock by
an electronic key, characterised in that, in addition to
a central processor unit, said calculation means include
at least:

- a protected access memory area for storing at
least one public signature verification key, and

- a read-only memory used to call signature
verification programs based on said at least one public
key.
V. Reasoned statement under Article 35(2) with regard to novelty, inventive step and industrial
applicability; citations and explanations supporting such statement

1. Statement

Novelty Yes: Claims 1-10

No: Claims 11

Inventive step Yes: Claims 1-10

No: Claims 11

Industrial applicability Yes: Claims 1-11

No: Claims

2. Citations and explanations
see separate sheet
Re Item V

Reasoned statement under Rule 66.2(a)(ii) with regard to novelty, inventive
step and industrial applicability; citations and explanations supporting
such statement

The subject matter of Claims 1-10 is novel and involves an inventive step because
none of the cited documents describes or suggests the use of public key cryptography
for authentication of the key by the lock. Documents EP-A-807911 and
EP-A-727894 use, in this case, a random secret session key or a secret
communication key between the authority and the user, respectively. The double use
of public key cryptographic systems provides increased security.

Claim 11 is an independent claim since its subject matter is different
from that of the other independent claims. It does indicate that it comprises
cryptographic and transmission means for implementing the protocol
according to one of Claims 1 to 17, but does not indicate the exact nature
of these means in the preamble. Indeed, merely indicating means for
implementing a protocol that is the subject matter of an independent claim of another
category places no limitation on those means.

Claim 11 does, however, specify in the characterising portion that these means
comprise a memory area storing a public key and a memory
containing the program for verifying a signature.
However, these means are already known from document FR-A-2722596.
The subject matter of Claim 11 is therefore not novel.
variability or diversity of the access control dialogue between the key and the electronic lock, by means of a random variable. Such a solution appears limited because, on the one hand, short of resorting to one or more external physical variables of a purely random nature, the randomness of the random variables obtained from the usual random or pseudo-random generators is not fully satisfied, while, on the other hand, the non-repetitive nature of the production of such a random value is not certain, which may fail to deter determined, high-level fraudsters with substantial computing resources. 

In any event, the aforementioned solutions therefore do not make it possible to prevent with certainty either an attack by illegitimate use of an electronic key or a replay attack, during the validity time range, on an accessed resource. 

Other solutions have been proposed. Application EP-A-727 894 describes a system based on secret-key cryptography. These systems pose a key management problem, since key certificates cannot easily be used. Patent application EP-A-807 911 describes a system based on secret-key and public-key cryptography, using encryption techniques. A public key certificate is sent encrypted by means of a secret key. The secret key used is itself sent encrypted with the recipient's public key. 

The object of the present invention is to remedy the aforementioned drawbacks of the solutions advocated by the prior art. 

Such an object is achieved in particular by integrating, into the logical access dialogue between an accessing resource and at least one accessed resource, a process of authentication of the accessing resource by the accessed resource, the authorisation or refusal of access being made conditional on the success of the authentication process. 

Another object of the present invention is consequently the implementation of an access control protocol between an accessing resource, constituted by a 
the second public key VK'P with the value of the stored second public key K'P. 

On a positive response to the aforementioned comparison criterion carried out at step 1003a, a second verification is performed by the electronic lock Bi at step 1003b. This second verification, as shown in the aforementioned figure, consists in verifying the signature value of the random variable message prompting authentication. 

This second verification is written, given the preceding conventions: 

$\mathcal{V}_{K'_P}(C_i) = \mathcal{V}_{K'_P}(\mathcal{S}_{K'_S}(a_{ij}))$ 

It will be understood that during this second verification step, carried out at step 1003b, a verified value of the random variable message prompting authentication is thus obtained, the verified value Vaij. This verified value of the random variable message prompting authentication can then be compared with the value of the random variable message prompting authentication aij, which will of course have been stored beforehand in the memory circuits of the electronic lock Bi. 

Thus, it will be understood that the second verification of the signature value is carried out conditionally on the verification of the second public key K'P associated with the private signature key K'S, and therefore ultimately as a function of the aforementioned specific authentication data DAj. 

In general, the first verification, shown at step 1003a of figure 1c, of the authenticity of the specific authentication data may consist in checking the validity range PHj 
electronic lock Bi of the authenticity of the signature value, step 1003 in figure 1a, and more particularly steps 1003a and 1003b of figure 1c, following the first verification step 1003a of the authenticity of the specific authentication data DAj, which consists in checking the validity range associated with the second public key K'P, but before the second verification step 1003b shown in figure 1c, a plurality of tests, shown at 1003a1 in figure 1f, may be provided so as to limit any attack outside the aforementioned validity time range. In figure 1f, the plurality of tests is represented, without limitation, as a comparison of the count value CO delivered by the electronic lock Bi or, where applicable, of a time signal delivered by a clock when the electronic lock is fitted with a clock, with the aforementioned validity time range. More specifically, this test may consist in comparing the count value CO with the limit values defining the aforementioned validity time range PHj, for example. If the count variable CO or the corresponding time signal does not fall within the validity time range, any access attempt is refused by the electronic lock Bi. Other tests limiting attack outside the validity range may be envisaged. 

As regards the implementation of tests aimed at limiting any attack outside a given time range PHj, a preferred, non-limiting embodiment will be described below for the case where the electronic key is fitted with a real-time clock. On any access attempt, the verification steps such as 
CLAIMS 

1. Access control protocol between an electronic key (EKkj) and an electronic lock (Bi) performing this access control, in which, after said electronic key (EKkj) and said electronic lock (Bi) have been brought together, a random variable message (aij) prompting authentication of this electronic key (EKkj) is transmitted from said electronic lock to said electronic key, characterised in that, on receipt of said random variable message (aij) prompting authentication, said protocol consists at least successively in: 

- a calculation and a transmission, from said electronic key (EKkj) to said electronic lock (Bi), of a digital signature value of said random variable message prompting authentication, computed from a private signature key (K's), and of specific authentication data (DAj), said specific authentication data transmitted by said electronic key (EKkj) to said electronic lock (Bi) consisting at least of a certificate of the public key (K'p) associated with said private signature key (K's), said public key certificate consisting of a digital signature value of at least one validity range (PHj) relating to an access right, and of said public key (K'p), said signature value being calculated by means of another private signature key (Ks) with which another public key (Kp) is associated and, following receipt by said electronic lock of said signature value (Ci) and of said specific authentication data (DAj), 

- a verification (1003) V_Kp((Ci, DAj)), by said electronic lock (Bi), of the authenticity of said signature value (Ci), as a function of said specific authentication data (DAj), and, on a positive or negative response to said verification, 

- acceptance, respectively refusal, of said access. 

2. Protocol according to claim 1, characterised in that said step of verification, by said electronic lock, of said signature value comprises successively: 

- a first verification (1003a), by said electronic lock (Bi), of the authenticity of said specific authentication data against a criterion of comparison with reference data and, on a positive response to said comparison criterion, 

- a second verification (1003b), by said electronic lock (Bi), of said signature value (Ci), as a function of said specific authentication data (DAj). 

3. Protocol according to claims 1 and 2, characterised in that said first step of verification by said electronic lock of the authenticity of said specific authentication data (DAj) consists in checking said validity range (PHj) associated with said public key (K'p). 

4. Protocol according to claim 2, characterised in that the validity range (PHj) comprises several disjoint time intervals. 

5. Protocol according to claim 2 or 3, characterised in that each validity range (PHj) consists of at least one time interval having two bounds, each expressed as a date in day, month, year and a time in hours, minutes, seconds. 

6. Protocol according to one of the preceding claims, characterised in that said random variable message (aij) prompting authentication is a function of an identification value (CBi) of said electronic lock (Bi) and of a continuously increasing variable value (CO). 

7. Protocol according to one of claims 1 to 6, characterised in that, following receipt of said random variable message (aij) prompting authentication by said electronic key (EKkj) but before the step of calculation and transmission by said electronic key of a signature value (Ci), said electronic key (EKkj) being fitted with an internal clock, said protocol further consists of an auxiliary verification step (1007) authorising calculation of the signature of said random variable message prompting authentication, said auxiliary verification step (1007) consisting in: 

- verifying (1007a), by means of the other public key (Kp) associated with said other private signature key (Ks), said certificate of the public key (K'p) and said validity range (PHj) associated with this public key (K'p), against said internal clock, said verification in fact making it possible to verify the validity of said public key (K'p); 

- verifying (1007b) the association of said private signature key (K's) with said public key (K'p), whose validity was verified in the preceding step, and, on a criterion (1007c) of positive and negative response to the two preceding verification steps, 

- continuing (1007e), respectively interrupting (1007d), said access control protocol. 

8. Protocol according to one of claims 2 to 7, characterised in that, during said step (1003) of verification by said electronic lock (Bi) of the authenticity of said signature value (Ci), following said first step (1003a) of verification by this electronic lock (Bi) of the authenticity of the specific authentication data (DAj), consisting in checking said validity range (PHj) associated with said public key (K'p), but before said step (1003b) of second verification by this electronic lock (Bi) of the authenticity of said signature value, said protocol further comprises a plurality of tests (1003a1) limiting any attack outside said validity range (PHj). 

9. Protocol according to one of claims 1 to 8, characterised in that, before said step of calculation and transmission from said electronic key (EKkj) to said electronic lock (Bi) of a signature value (Ci) of said random variable message (aij) prompting authentication and of specific authentication data (DAj), said electronic key (EKkj) being fitted with a real-time clock, said protocol comprises: 

- a step (1007c1) of checking whether a time variable delivered by said real-time clock falls within said validity range (PHj), and, on a negative response to said membership check, 

- a step (1007c3) of invalidating said electronic key, interrupting said access control and resulting in refusal of said access by said electronic lock. 

10. Electronic key comprising cryptographic calculation means (Cak) and message or data transmission means (Tk) for implementing the protocol for controlling access to an electronic lock (Bi) by this electronic key (EKkj) according to one of claims 1 to 9, characterised in that, in addition to a central processing unit (CPU), said cryptographic calculation means (Cak) comprise at least: 

- a protected-access memory area (1) for storing at least one private signature key (K's) and specific authentication data (DAj), these specific authentication data (DAj) consisting at least of a certificate of the public key (K'p) constituted by a digital signature value of at least one validity range (PHj) relating to an access right, and of said public key (K'p); 

- a readable memory (4) for calling programs that calculate the digital signature value of a random variable message (aij), delivered by this electronic lock (Bi), by means of said private signature key (K's). 

11. Electronic lock comprising cryptographic calculation means (Cai) and message or data transmission means (Ti) for implementing the protocol for controlling access to this electronic lock by an electronic key (EKkj), according to one of claims 1 to 9, characterised in that, in addition to a central processing unit (CPU), said calculation means (Cai) comprise at least: 

- a protected-access memory area (5) for storing at least one public signature verification key (Kp); 

- a readable memory (6) for calling signature verification programs based on said at least one public key. 
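
The exchange set out in claims 1 to 3, 6 and 8, sketched as an added example that is not part of the patent text: the lock issues a fresh challenge, the key returns a signature and its certificate, and the lock runs checks 1003a, 1003a1 and 1003b in that order. Textbook RSA over constructed Mersenne-prime moduli stands in for the signature scheme, which the claims do not name (insecure, for illustration only); the class, function and field names, the integer time values and the nonce appended to the challenge are assumptions.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both constructed key pairs

def make_keypair(p_exp, q_exp):
    """Toy RSA key pair from two Mersenne primes (constructed, insecure)."""
    p, q = (1 << p_exp) - 1, (1 << q_exp) - 1
    n = p * q
    return (n, pow(E, -1, (p - 1) * (q - 1))), (n, E)  # (private, public)

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_digest(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return 0 <= sig < n and pow(sig, e, n) == _digest(msg, n)

def cert_body(validity, key_pub):
    """Canonical bytes of (PHj, K'p): the data the authority signs."""
    return repr((tuple(map(tuple, validity)), tuple(key_pub))).encode()

def issue_certificate(authority_priv, validity, key_pub):
    """DAj: validity range PHj and public key K'p, signed with Ks."""
    return {"validity": tuple(map(tuple, validity)), "key_pub": tuple(key_pub),
            "sig": sign(authority_priv, cert_body(validity, key_pub))}

class ElectronicKey:
    def __init__(self, priv, da):
        self.priv, self.da = priv, da      # K's and DAj in protected memory

    def respond(self, challenge):
        """Return (Ci, DAj): signature of aij under K's plus the certificate."""
        return sign(self.priv, challenge), self.da

class ElectronicLock:
    def __init__(self, lock_id, authority_pub):
        self.lock_id, self.authority_pub = lock_id, authority_pub  # CBi, Kp
        self.counter = 0                   # CO, only ever increases
        self.pending = None                # aij awaiting a response

    def challenge(self):
        self.counter += 1
        nonce = secrets.token_hex(16)      # assumption: extra randomness
        self.pending = f"{self.lock_id}|{self.counter}|{nonce}".encode()
        return self.pending

    def decide(self, ci, da, now):
        aij, self.pending = self.pending, None   # each challenge is single-use
        if aij is None:
            return "refuse: no pending challenge"
        # 1003a: the certificate must verify under the stored authority key Kp
        body = cert_body(da["validity"], da["key_pub"])
        if not verify(self.authority_pub, body, da["sig"]):
            return "refuse: certificate not authentic"
        # 1003a1: the lock's own time or count value must fall inside PHj
        if not any(lo <= now <= hi for lo, hi in da["validity"]):
            return "refuse: outside validity range"
        # 1003b: Ci must be a signature of this lock's fresh aij under K'p
        if not verify(da["key_pub"], aij, ci):
            return "refuse: bad signature on challenge"
        return "accept"

AUTH_PRIV, AUTH_PUB = make_keypair(521, 607)      # Ks, Kp (constructed)
KEY_PRIV, KEY_PUB = make_keypair(1279, 2203)      # K's, K'p (constructed)
PHJ = [(1000, 2000), (5000, 6000)]                # two disjoint intervals (claim 4)

def demo():
    da = issue_certificate(AUTH_PRIV, PHJ, KEY_PUB)
    key, lock = ElectronicKey(KEY_PRIV, da), ElectronicLock("B1", AUTH_PUB)
    out = {}
    ci, sent_da = key.respond(lock.challenge())
    out["in_range"] = lock.decide(ci, sent_da, now=1500)
    lock.challenge()                               # new aij, old Ci presented again
    out["replay"] = lock.decide(ci, sent_da, now=1500)
    ci2, _ = key.respond(lock.challenge())
    out["expired"] = lock.decide(ci2, sent_da, now=3000)
    forged = dict(da, validity=((0, 10**9),))      # PHj widened without Ks
    ci3, _ = key.respond(lock.challenge())
    out["forged_range"] = lock.decide(ci3, forged, now=3000)
    return out

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The order of the checks matters: the validity range is only trusted after the certificate has verified under Kp, so a holder who edits PHj is refused at 1003a before the range test is reached.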



PATENT COOPERATION TREATY 

PCT 

INTERNATIONAL SEARCH REPORT 
(PCT Article 18 and Rules 43 and 44) 

Applicant's or agent's file reference: BCT990009 MF 

FOR FURTHER ACTION: see Notification of Transmittal of International Search Report (Form PCT/ISA/220) and, where applicable, item 5 below 

International application No.: PCT/FR 99/00249 

International filing date (day/month/year): 05/02/1999 

(Earliest) priority date (day/month/year): 09/02/1998 

Applicant: LA POSTE et al. 

This international search report has been prepared by the International Searching Authority and is transmitted to the applicant according to Article 18. A copy is being transmitted to the International Bureau. 

This international search report consists of 3 sheets. 

[X] It is also accompanied by a copy of each prior art document cited in it. 

1. Basis of the report 

a. With regard to the language, the international search was carried out on the basis of the international application in the language in which it was filed, unless otherwise indicated under this item. 

[ ] The international search was carried out on the basis of a translation of the international application furnished to this Authority. 

b. With regard to any nucleotide or amino acid sequences disclosed in the international application (where applicable), the international search was carried out on the basis of the sequence listing: 
[ ] contained in the international application, in written form. 
[ ] filed together with the international application, in computer readable form. 
[ ] furnished subsequently to this Authority, in written form. 
[ ] furnished subsequently to this Authority, in computer readable form. 
[ ] The statement that the subsequently furnished written sequence listing does not go beyond the disclosure in the application as filed has been furnished. 
[ ] The statement that the information recorded in computer readable form is identical to the written sequence listing has been furnished. 

[ ] Certain claims were found unsearchable (see Box I). 
[ ] Unity of invention is lacking (see Box II). 

With regard to the title, 
[ ] the text is approved as submitted by the applicant. 
[X] the text has been established by this Authority to read as follows: 

ACCESS CONTROL PROTOCOL BETWEEN A KEY AND AN ELECTRONIC LOCK 

5. With regard to the abstract, 
[X] the text is approved as submitted by the applicant. 
[ ] the text (reproduced in Box III) has been established by this Authority according to Rule 38.2(b). The applicant may submit comments to this Authority within one month from the date of mailing of this international search report. 

6. The figure of the drawings to be published with the abstract is Figure No. Xa 
[X] as suggested by the applicant. 
[ ] because the applicant failed to suggest a figure. 
[ ] because this figure better characterises the invention. 
[ ] None of the figures is to be published. 

Form PCT/ISA/210 (first sheet) (July 1998) 



INTERNATIONAL SEARCH REPORT 

International application No. PCT/FR 99/00249 

A. CLASSIFICATION OF SUBJECT MATTER 
IPC 6 G07C9/00 G07F7/10 

According to International Patent Classification (IPC) or to both national classification and IPC 

B. FIELDS SEARCHED 

Minimum documentation searched (classification system followed by classification symbols) 
IPC 6 G07C G07F 

Documentation searched other than minimum documentation to the extent that such documents are included in the fields searched 

Electronic data base consulted during the international search (name of data base and, where practical, search terms used) 

C. DOCUMENTS CONSIDERED TO BE RELEVANT 

Category ° / Citation of document, with indication, where appropriate, of the relevant passages / Relevant to claim No. 

DE 195 27 715 A (DEUTSCHE TELEKOM MOBIL), 6 February 1997 
see abstract; figures 1,2,4-6 
see column 4, line 58 - column 5, line 51 
see column 7, line 6 - line 23 
see column 9, line 20 - column 10, line 38 
Relevant to claim No.: 1-3,11,12 

US 5 546 463 A (CAPUTO ANTHONY A ET AL), 13 August 1996 
see abstract; figures 2,5A,5B,8 
see column 5, line 16 - line 67 
see column 6, line 56 - column 7, line 55 
see column 8, line 40 - column 10, line 14 
Relevant to claim No.: 1,7,11,12 

Further documents are listed in the continuation of Box C. 

Patent family members are listed in annex. 

° Special categories of cited documents: 

"A" document defining the general state of the art which is not considered to be of particular relevance 

"E" earlier document but published on or after the international filing date 

"L" document which may throw doubts on a priority claim or which is cited to establish the publication date of another citation or for another special reason (as specified) 

"O" document referring to an oral disclosure, use, exhibition or other means 

"P" document published prior to the international filing date but later than the priority date claimed 

"T" later document published after the international filing date or the priority date and not belonging to the relevant state of the art, but cited to understand the principle or theory underlying the invention 

"X" document of particular relevance; the claimed invention cannot be considered novel or cannot be considered to involve an inventive step when the document is taken alone 

"Y" document of particular relevance; the claimed invention cannot be considered to involve an inventive step when the document is combined with one or more other such documents, such combination being obvious to a person skilled in the art 

document member of the same patent family 

Date of the actual completion of the international search: 29 April 1999 

Date of mailing of the international search report: 11/05/1999 

Name and mailing address of the International Searching Authority: 
European Patent Office, P.B. 5818 Patentlaan 2 
NL - 2280 HV Rijswijk 
Tel. (+31-70) 340-2040, Tx. 31 651 epo nl, 
Fax: (+31-70) 340-3016 

Authorized officer: Buron, E 
C. (continuation) DOCUMENTS CONSIDERED TO BE RELEVANT 

Category ° / Citation of document, with indication, where appropriate, of the relevant passages / Relevant to claim No. 

EP 0 427 465 A (AMERICAN TELEPHONE & TELEGRAPH), 15 May 1991 
see abstract; figures 1,5,7,8 
see column 5, line 1 - column 7, line 11 
see column 11, line 1 - column 12, line 24 
see column 13, line 30 - column 14, line 45 

FR 2 722 596 A (FRANCE TELECOM), 19 January 1996 
cited in the application 
see abstract; claims 1-4,9,10,14; figures 
see page 3, line 6 - page 7, line 31 
see page 11, line 20 - page 12, line 3 

GB 2 154 344 A (NAT RES DEV), 4 September 1985 
see abstract; figures 1,3 
see page 4, line 7 - page 5, line 38 

US 4 870 400 A (DOWNS STEPHEN R ET AL), 26 September 1989 
see abstract; figure 7 
see column 9, line 8 - line 25 
see column 10, line 23 - line 54 

US 5 243 175 A (KATO AKIO), 7 September 1993 
see abstract; figures 1-3 
see column 1, line 9 - column 3, line 15 
see column 3, line 62 - column 5, line 61 
see column 7, line 67 - column 8, line 14 

US 5 130 519 A (BUSH GEORGE ET AL), 14 July 1992 
see abstract; figure 3 
see column 4, line 44 - line 50 

Relevant to claim No. (column entries in the order they appear, not aligned with the documents above): 
1,11,12 
1-6,11,12 
1,11 
3,4,6,9 
8,10 
PATENT COOPERATION TREATY 

PCT 

REC'D t 3 APR 2000 
WIPO PCT 

INTERNATIONAL PRELIMINARY EXAMINATION REPORT 
(PCT Article 36 and Rule 70) 

Applicant's or agent's file reference: BCT990009/PL 

FOR FURTHER ACTION: see Notification of Transmittal of International Preliminary Examination Report (Form PCT/IPEA/416) 

International application No.: PCT/FR99/00249 

International filing date (day/month/year): 05/02/1999 

Priority date (day/month/year): 09/02/1998 

International Patent Classification (IPC) or both national classification and IPC: G07C9/00 

Applicant: LA POSTE et al. 

1. This international preliminary examination report has been prepared by the International Preliminary Examining Authority and is transmitted to the applicant according to Article 36. 

2. This REPORT consists of 4 sheets, including this cover sheet. 

This report is also accompanied by ANNEXES, i.e. sheets of the description, claims or drawings which have been amended and are the basis for this report, or sheets containing rectifications made before the International Preliminary Examining Authority (see Rule 70.16 and Section 607 of the Administrative Instructions under the PCT). 

These annexes consist of 9 sheets. 

This report contains indications relating to the following items: 

I        Basis of the report 
II   [ ] Priority 
III  [ ] Non-establishment of opinion with regard to novelty, inventive step and industrial applicability 
IV   [ ] Lack of unity of invention 
V        Reasoned statement under Article 35(2) with regard to novelty, inventive step and industrial applicability; citations and explanations supporting such statement 
VI   [ ] Certain documents cited 
VII  [ ] Certain defects in the international application 
VIII [ ] Certain observations on the international application 

Date of submission of the demand for international preliminary examination: 06/09/1999 

Date of completion of this report: 1 0. 0*. 00 

Name and mailing address of the International Preliminary Examining Authority: 
European Patent Office 
D-80298 Munich 
Tel. +49 89 2399 - 0 Tx: 523656 epmu d 
Fax: +49 89 2399 - 4465 

Authorized officer: Houillon, J-C 
Telephone No. +49 89 2399 2640 

Form PCT/IPEA/409 (cover sheet) (January 1994) 



I. Basis of the report 

1. This report has been drawn up on the basis of the following elements (replacement sheets which have been furnished to the receiving Office in response to an invitation under Article 14 are referred to in this report as "originally filed" and are not annexed to the report, since they do not contain amendments): 

Description, pages: 
1,2,4-21,23-27,29-37: as originally filed 
3,22,28: received on 21/01/2000 with the letter of 19/01/2000 

Claims, Nos.: 
1-11: received on 21/01/2000 with the letter of 19/01/2000 

Drawings, sheets: 
1/6-6/6: as originally filed 

2. The amendments have resulted in the cancellation of: 
[ ] the description, pages: 
[ ] the claims, Nos.: 
[ ] the drawings, sheets: 

3. [ ] This report has been established as if (some of) the amendments had not been made, since they have been considered to go beyond the disclosure of the invention as filed, as indicated below (Rule 70.2(c)): 

4. Additional observations, if necessary: 

Form PCT/IPEA/409 (Boxes I-VIII, Sheet 1) (January 1994) 



RAPPORT D'EXAMEN 
PRELIMINAIRE INTERNATIONAL 



Demande intemationale n° PCT/FR99/00249 



V. Declaration motives seion 1'article 35(2) quant a la nouveaute, lactivite inventive et la possibility 
d'application industrielle; citations et explications a I'appui de cette declaration 

1. Declaration 

Nouveaute Oui : Revendications 1-10 

Non : Revendications 1 1 

Activite inventive Oui : Revendications 1 -1 0 

Non : Revendications 1 1 

Possibility d'application industrielle Oui : Revendications 1-11 

Non : Revendications 



2. Citations et explications 
voir feuille separee 



Formulaire PCT/IPEA/409 (cadres I- VIII, feuille 2) Oanvier 1994) 



RAPPORT D'EXAMEN 



Demande intemationale n° PCT/FR99/00249 



PRELIMINAIRE INTERNATIONAL - FEUILLE SEPAREE 



Concernant le point V 

Declaration motivee selon la regie 66.2(aMiO quant a la nouveaute, I'activite 
inventive et la possibility d'application industrielle: citations et explications a 
l appui de cette declaration 

L'objet des revendications 1-10 est nouveau et implique une activite inventive car 
aucun des documents cites ne decrit ou suggere I'utilisation d'une cryptographie a cle 
publique pour I'authentification de la cle par la serrure. Les documents EP-A-80791 1 et 
EP-A-727894 utilisent respectivement dans ce cas une cle aleatoire secrete de session 
ou une cle secrete de communication entre Pautorite et I'utilisateur. La double utilisation 
de systemes cryptographique a cle publique represente une securite accrue. 

La revendication 1 1 est une revendication independante puisque son objet est different 
de celui des autres revendications independantes. Elle indique bien qu'elle comprend 
des moyens cryptographiques et de transmission pour la mise en oeuvre du protocole 
selon Tune des revendications 1 a 17, mais n'indique pas dans le preambule la nature 
exacte de ces moyens. En effet, la simple indication de moyens permettant la mise en 
oeuvre d'un protocole faisant l'objet d'une revendication independante d'une autre 
categorie n'apporte aucune limitation quant a ces moyens. 

La revendication 1 1 precise cependant dans la partie caracterisante que ces moyens 
comprennent une zone memoire memorisant une cle publique et une memoire 
comprenant le programme permettant une verification de signature. 
Toutefois, ces moyens sont deja connus du document FR-A-2722596. 
L'objet de la revendication 1 1 n'est done pas nouveau. 
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variability ou de diversity du dialogue de contr61e d'acc^s entre la 
cl§ et la serrure eiectronique, au moyen d'une variable al^atoire. 
Une telle solution apparait limitSe en raison du fait que, d'une 
part, sauf a faire appel a une ou plusieurs variables physiques ex- 
ternes a caract£re purement aleatoire, le caractdre al£atoire des va- 
riables al£atoires obtenues au moyen des g6n6rateurs altatoires ou 
pseudo-al§atoires usuels n'est pas totalement satisfait, alors que, 
d' autre part, le caract&re non rtpetitif de la production d'un tel 
al§a n'est pas certain, ce qui peut ne pas d6courager les fraudeurs 
de haute volee determines et disposant de ressources de calcul impor- 
tantes . 

In any event, the aforementioned solutions therefore do not make it possible to
prevent with certainty either an attack by illegitimate use of an electronic key
or an attack by replay, during the validity time range, of an accessed resource.

Other solutions have been proposed. Application EP-A-727 894 describes a system
based on secret key cryptography. These systems pose a key management problem,
since key certificates cannot easily be used. Patent application EP-A-807 911
describes a system based on secret key and public key cryptography, using
encryption techniques. A public key certificate is sent encrypted by means of a
secret key. The secret key used is itself sent encrypted with the public key of
the recipient.

The object of the present invention is to remedy the aforementioned drawbacks of
the solutions advocated by the prior art.

Such an object is achieved in particular by integrating into the logical access
dialogue, between an accessing resource and at least one accessed resource, a
process of authentication of the accessing resource by the accessed resource, the
authorization or refusal of access being made conditional on the success of the
authentication process.

Another object of the present invention is consequently the implementation of an
access control protocol between an accessing resource, constituted by a
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the second public key VK'P with the value of the stored second
public key K'P.

On a positive response to the aforementioned comparison criterion, carried out in
step 1003a, a second verification is carried out by the electronic lock Bi in
step 1003b. This second verification, as shown in the aforementioned figure,
consists in verifying the signature value of the random variable message
prompting authentication.

This second verification is denoted, given the preceding conventions:

$V_{K'_P}(C_i) = V_{K'_P}(S_{K'_S}(a_{ij}))$.

It will be understood that during this second verification step, carried out in
step 1003b, a verified value of the random variable message prompting
authentication is thus obtained, the verified value Vaij. This verified value of
the random variable message prompting authentication can then be compared with
the value of the random variable message prompting authentication aij, which will
of course have been stored beforehand in the memory circuits of the electronic
lock Bi.

Thus, it will be understood that the second verification of the signature value
is carried out conditionally on the verification of the second public key K'P
associated with the private signature key K'S, and therefore ultimately as a
function of the aforementioned specific authentication data DAj.

In general, it is indicated that the first verification, shown in step 1003a of
Figure 1c, of the authenticity of the specific authentication data may consist in
checking the validity range PHj,
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electronic lock Bi of the authenticity of the signature value, step
1003 in Figure 1a, and more particularly steps 1003a and 1003b of Figure 1c,
following the first verification step 1003a of the authenticity of the specific
authentication data DAj, consisting in checking the validity range associated
with the second public key K'P, but prior to the second verification step 1003b
shown in Figure 1c, a plurality of tests, shown at 1003ai in Figure 1f, may be
provided so as to limit any attack outside the aforementioned validity time
range. In Figure 1f, the plurality of tests is shown, without limitation, as a
comparison of the count value CO delivered by the electronic lock Bi or, where
applicable, of a time signal delivered by a clock when the electronic lock is
fitted with a clock, with the aforementioned validity time range. More
specifically, this test may consist, for example, in comparing the count value CO
with the limit values defining the aforementioned validity time range PHj. If the
count variable CO or the corresponding time signal does not fall within the
validity time range, any access attempt is refused by the electronic lock Bi.
Other tests limiting attacks outside the validity range may be envisaged.
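The lock-side sequence described above (certificate check 1003a, validity-range test 1003ai, signature check 1003b), as an added sketch that is not part of the patent text. It assumes a toy hash-then-sign textbook RSA in place of the signature scheme with recovery of Vaij that the text describes, integer counter units for PHj and CO, and hypothetical function names and lock identifier.

```python
# Toy textbook RSA over Mersenne-prime moduli, no padding: NOT secure. It is an
# assumption standing in for the signature scheme, which the text leaves open.
import hashlib

def keypair(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def _h(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_h(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _h(msg, n)

def cert_body(ph, kp_prime):
    # Certified content: validity range PHj together with public key K'P.
    return repr((ph, kp_prime)).encode()

def challenge(cb_i, co):
    # aij as a function of lock identifier CBi and increasing counter CO.
    return b"%s|%d" % (cb_i, co)

def key_respond(kprime_s, a_ij, da_j):
    # Electronic key: Ci = S_K'S(aij), transmitted together with DAj.
    return sign(kprime_s, a_ij), da_j

def lock_verify(k_p, a_ij, co, c_i, da_j):
    ph, kp_prime, cert_sig = da_j
    # 1003a: the certificate over (PHj, K'P) must verify under authority key KP.
    if not verify(k_p, cert_body(ph, kp_prime), cert_sig):
        return "refused: bad certificate"
    # 1003ai: counter CO must fall inside one interval of PHj.
    if not any(lo <= co <= hi for lo, hi in ph):
        return "refused: outside validity range"
    # 1003b: Ci must be a signature, under K'P, of the challenge the lock stored.
    if not verify(kp_prime, a_ij, c_i):
        return "refused: bad signature"
    return "accepted"

# Constructed sample values (integer counter units, hypothetical lock id).
K_P, K_S = keypair(2**61 - 1, 2**89 - 1)               # authority pair (KP, KS)
KP_PRIME, KS_PRIME = keypair(2**107 - 1, 2**127 - 1)   # key's pair (K'P, K'S)
PH = ((1000, 2000), (5000, 6000))                      # PHj: two disjoint intervals
DA = (PH, KP_PRIME, sign(K_S, cert_body(PH, KP_PRIME)))  # DAj held by the key
```

Because CO only increases, a response recorded for one challenge fails step 1003b when presented against a later challenge, and a validity range altered on the key fails step 1003a.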

As regards the implementation of tests aimed at limiting any attack outside a
given time range PHj, a preferred non-limiting embodiment will be described
below, in the case where the electronic key is fitted with a real-time clock.
During any access attempt, the verification steps such as
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CLAIMS

1. Access control protocol between an electronic key (EKkj) and an electronic
lock (Bi) performing this access control, in which, once said electronic key
(EKkj) and said electronic lock (Bi) have been brought together, a transmission
from said electronic lock to said electronic key of a random variable message
(aij) prompting authentication of this electronic key (EKkj) is carried out,
characterized in that, on receipt of said random variable message (aij) prompting
authentication, the protocol consists, at least successively, in:

- a calculation and a transmission, from said electronic key (EKkj) to said
electronic lock (Bi), of a digital signature value of said random variable
message prompting authentication, from a private signature key (K'S), and of
specific authentication data (DAj), said specific authentication data transmitted
by said electronic key (EKkj) to said electronic lock (Bi) consisting at least of
a certificate of the public key (K'P) associated with said private signature key
(K'S), said public key certificate consisting of a digital signature value of at
least one validity range (PHj) relating to an access right, and of said public
key (K'P), said signature value being calculated by means of another private
signature key (KS) with which another public key (KP) is associated and,
following receipt by said electronic lock of said signature value (Ci) and of
said specific authentication data (DAj),
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- a verification (1003) $V_{K_P K'_P}((C_i, DA_j))$, by said electronic lock
(Bi), of the authenticity of said signature value (Ci), as a function of said
specific authentication data (DAj), and, on a positive or negative response to
said verification,

- acceptance, respectively refusal, of said access.
2. Protocol according to claim 1, characterized in that said step of
verification, by said electronic lock, of said signature value comprises
successively:

- a first verification (1003a), by said electronic lock (Bi), of the authenticity
of said specific authentication data on a criterion of comparison with reference
data, and, on a positive response to said comparison criterion,

- a second verification (1003b), by said electronic lock (Bi), of said signature
value (Ci), as a function of said specific authentication data (DAj).

3. Protocol according to claims 1 and 2, characterized in that said first step of
verification by said electronic lock of the authenticity of said specific
authentication data (DAj) consists in checking said validity range (PHj)
associated with said public key (K'P).

4. Protocol according to claim 2, characterized in that the validity range (PHj)
comprises several disjoint time intervals.

5. Protocol according to claim 2 or 3, characterized in that each validity range
(PHj) consists of at least one time interval having two bounds
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each expressed as a date in day, month, year and a time in hours,
minutes, seconds.

6. Protocol according to one of the preceding claims, characterized in that said
random variable message (aij) prompting authentication is a function of an
identification value (CBi) of said electronic lock (Bi) and of a continuously
increasing variable value (CO).

7. Protocol according to one of claims 1 to 6, characterized in that, following
receipt of said random variable message (aij) prompting authentication by said
electronic key (EKkj) but prior to the step of calculation and transmission by
said electronic key of a signature value (Ci), said electronic key (EKkj) being
fitted with an internal clock, said protocol further consists of an auxiliary
verification step (1007) authorizing calculation of the signature of said random
variable message prompting authentication, said auxiliary verification step
(1007) consisting in:

- verifying (1007a), by means of the other public key (KP) associated with said
other private signature key (KS), said certificate of the public key (K'P) and
said validity range (PHj) associated with this public key (K'P), against said
internal clock, said verification in fact making it possible to verify the
validity of said public key (K'P);

- verifying (1007b) the association of said private signature key (K'S) with said
public key (K'P), the validity of which was verified in the preceding step, and,
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on criterion (1007c) of a positive and negative response to the two
preceding verification steps,

- continuing (1007e), respectively interrupting (1007d), said access control
protocol.

8. Protocol according to one of claims 2 to 7, characterized in that, during said
step (1003) of verification by said electronic lock (Bi) of the authenticity of
said signature value (Ci), following said first step (1003a) of verification by
this electronic lock (Bi) of the authenticity of the specific authentication data
(DAj), consisting in checking said validity range (PHj) associated with said
public key (K'P), but prior to said step (1003b) of second verification by this
electronic lock (Bi) of the authenticity of said signature value, said protocol
further comprises a plurality of tests (1003ai) limiting any attack outside said
validity range (PHj).

9. Protocol according to one of claims 1 to 8, characterized in that, prior to
said step of calculation and transmission from said electronic key (EKkj) to said
electronic lock (Bi) of a signature value (Ci) of said random variable message
(aij) prompting authentication and of specific authentication data (DAj), said
electronic key (EKkj) being fitted with a real-time clock, said protocol
comprises:

- a step (1007ci) of checking whether a time variable delivered by said real-time
clock belongs to said validity range (PHj), and, on a negative response to said
membership check step,
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- a step (1007C3) of invalidating said electronic key, interrupting said
access control and resulting in refusal of said access by said electronic lock.

10. Electronic key comprising cryptographic calculation means (Cak) and means
(Tk) for transmitting messages or data for implementing the protocol for
controlling access to an electronic lock (Bi) by this electronic key (EKkj)
according to one of claims 1 to 9, characterized in that, in addition to a
central processing unit (CPU), said cryptographic calculation means (Cak)
comprise at least:

- a protected-access memory zone (1), allowing the storage of at least one
private signature key (K'S) and of specific authentication data (DAj), these
specific authentication data (DAj) consisting at least of a certificate of the
public key (K'P) constituted by a digital signature value of at least one
validity range (PHj) relating to an access right, and of said public key (K'P);

- a read-accessible memory (4), allowing the calling of programs for calculating
the digital signature value of a random variable message (aij), delivered by this
electronic lock (Bi), by means of said private signature key (K'S).

11. Electronic lock comprising cryptographic calculation means (Cai) and means
(Ti) for transmitting messages or data for implementing the protocol for
controlling access to this electronic lock by an electronic key (EKkj), according
to one of claims 1 to 9, characterized in that, in addition to a
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central processing unit (CPU), said calculation means (Cai) comprise
at least:

- a protected-access memory zone (5), allowing the storage of at least one public
key (KP) for signature verification;

- a read-accessible memory (6), allowing the calling of signature verification
programs using said at least one public key.
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